Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-267

not enforced IP processing broken

    XMLWordPrintable

    Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 4.0.0, 4.0.1
    • 5.0.0.0, 4.2.0.0
    • Web Agents

      Description

      Configure not enforce IP processing that matches the client IP from the incoming request

      excerpt from Apache http server access.log
      192.168.56.1 - - [14/Nov/2016:10:27:35 +0100] "GET / HTTP/1.1" 302 618 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0"
      
      excerpt from central agent profile
      com.sun.identity.agents.config.notenforced.ip[0]=192.168.56.1
      

      Although the IP is not enforced the agent enforces the request and access is denied.

      excerpt from agent debug log
      ...
      2016-11-14 10:38:12.463 +0100   DEBUG [0x7fe2791f1700:3762][source/config_xml.c:263] am_parse_config_xml() com.sun.identity.agents.config.notenforced.ip is set to 1 value(s)
      ...
      2016-11-14 10:38:12.464 +0100   DEBUG [0x7fe2791f1700:3762][source/process.c:552] handle_not_enforced():
      2016-11-14 10:38:12.464 +0100   DEBUG [0x7fe2791f1700:3762][source/process.c:613] handle_not_enforced(): application logout url feature is not enabled
      2016-11-14 10:38:12.464 +0100   DEBUG [0x7fe2791f1700:3762][source/process.c:665] handle_not_enforced(): attempting match with absolute access denied url http://ubuntu1204.test.xyz/403.html
      2016-11-14 10:38:12.464 +0100   DEBUG [0x7fe2791f1700:3762][source/process.c:691] handle_not_enforced(): created normalised access denied url http://ubuntu1204.test.xyz:80/403.html ready for matching with http://ubuntu1204.test.xyz:80/
      2016-11-14 10:38:12.464 +0100   DEBUG [0x7fe2791f1700:3762][source/process.c:730] handle_not_enforced(): client ip address 192.168.56.1 does not match 192.168.56.1
      2016-11-14 10:38:12.464 +0100   DEBUG [0x7fe2791f1700:3762][source/process.c:756] handle_not_enforced(): validating http://ubuntu1204.test.xyz:80/
      2016-11-14 10:38:12.464 +0100   DEBUG [0x7fe2791f1700:3762][source/process.c:765] handle_not_enforced(): trying not enforced pattern /403.html
      2016-11-14 10:38:12.464 +0100   DEBUG [0x7fe2791f1700:3762][source/process.c:785] handle_not_enforced(): validating http://ubuntu1204.test.xyz:80/ ignoring query attributes
      2016-11-14 10:38:12.464 +0100   DEBUG [0x7fe2791f1700:3762][source/process.c:874] handle_not_enforced(): extended not enforced url validation feature is not enabled
      2016-11-14 10:38:12.464 +0100   DEBUG [0x7fe2791f1700:3762][source/process.c:877] handle_not_enforced(): http://ubuntu1204.test.xyz:80/ is enforced
      

        Attachments

          Activity

            People

            mareks Mareks Malnacs
            bthalmayr Bernhard Thalmayr
              edwardb edwardb
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 0h
                0h
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 40m
                40m